mirror of
https://github.com/netzbegruenung/user_saml.git
synced 2024-05-04 01:53:42 +02:00
04c7b4187a
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
182 lines
8.6 KiB
Plaintext
CHANGELOG
=========
v.2.10.5
* Be able to get the last processed ID from the auth object
* Improve NameID Format support
* Reset errorReason attribute of the auth object after each Process method
* Validate serial number as string to work around libxml2 limitation
* Make the Issuer on the Response Optional

v.2.10.4
* [+](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1) Security update for signature validation on LogoutRequest/LogoutResponse
* [#192](https://github.com/onelogin/php-saml/pull/192) Added ability to configure DigestAlgorithm in settings
* [#183](https://github.com/onelogin/php-saml/pull/183) Fix strpos bug when decrypting assertions
* [#186](https://github.com/onelogin/php-saml/pull/186) Improve info on entityId validation Exception
* [#188](https://github.com/onelogin/php-saml/pull/188) Fixed issue with undefined constant of UNEXPECTED_SIGNED_ELEMENT
* Read ACS binding on AuthNRequest builder from settings
* Be able to relax Destination validation on SAMLResponses and allow this
  attribute to be empty with the 'relaxDestinationValidation' setting

v.2.10.3
* Implement a more specific exception class for handling some validation errors
* Minor changes on time validation/exceptions
* Add hooks to retrieve last-sent and last-received requests and responses
* Improve/Fix tests
* Add DigestAlgorithm support on addSign
* [#177](https://github.com/onelogin/php-saml/pull/177) Add error message for bad OneLogin_Saml2_Settings argument

v.2.10.2
* [#175](https://github.com/onelogin/php-saml/pull/175) Allow overriding of host, port, protocol and url path for URL building
* [#173](https://github.com/onelogin/php-saml/pull/173) Provide better support to NameIdFormat
* Fix another issue on Assertion Signature validation when the assertion contains no namespace, container has saml2 namespace and it was encrypted

v.2.10.1
* Fix error message on SignMetadata process
* Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted

v.2.10.0
* Several security improvements:
  * Conditions element required and unique.
  * AuthnStatement element required and unique.
  * SPNameQualifier must match the SP EntityID
  * Reject saml:Attribute element with same “Name” attribute
  * Reject empty nameID
  * Require Issuer element. (Must match IdP EntityID).
  * Destination value can't be blank (if present must match ACS URL).
  * Check that the EncryptedAssertion element only contains 1 Assertion element.
* Improve Signature validation process
* AttributeConsumingService support
* Support lowercase Urlencoding (ADFS compatibility).
* [#154](https://github.com/onelogin/php-saml/pull/154) getSelfHost no longer returns a port number
* [#156](https://github.com/onelogin/php-saml/pull/156) Use correct host on response destination fallback check
* [#158](https://github.com/onelogin/php-saml/pull/158) NEW Control usage of X-Forwarded-* headers
* Fix issue with buildRequestSignature. Added RelayState to the SignQuery only if it is not null.
* Add Signature Wrapping prevention Test
* Improve _decryptAssertion in order to take care of Assertions with problems with namespaces
* Improve documentation

v.2.9.1
.......
* [134](https://github.com/onelogin/php-saml/pull/134) PHP7 production settings compiles out assert(), throw an exception explicitly
* [132](https://github.com/onelogin/php-saml/pull/132) Add note for "wantAssertionsEncrypted"
* Update copyright on LICENSE

v.2.9.0
-------
* Change the decrypt assertion process.
* Add 2 extra validations to prevent Signature wrapping attacks.
* Remove reference to wrong NameIDFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
* [128](https://github.com/onelogin/php-saml/pull/128) Test php7 and upgrade phpunit
* Update Readme with more descriptive requestedAuthnContext description and Security Guidelines

v.2.8.0
-------
* Make NameIDPolicy of AuthNRequest optional
* Make nameID requirement on SAMLResponse optional
* Fix empty URI support
* Symmetric encryption key support
* Add more Auth Context options to the constant class
* Fix DSA_SHA1 constant on xmlseclibs
* Set none requestedAuthnContext as default behaviour
* Update xmlseclibs lib
* Improve formatPrivateKey method
* Fix bug when signing metadata, the SignatureMethod was not provided
* Fix getter for lastRequestID parameter in OneLogin_Saml2_Auth class
* Add $wantEncrypted parameter on addX509KeyDescriptors method that allows setting KeyDescriptor[use='encryption'] if wantNameIdEncrypted or wantAssertionsEncrypted is enabled
* Add $stay parameter on redirectTo method. (login/logout support $stay but I forgot to add this in the previous 2.7.0 version)
* Improve code style

v.2.7.0
-------
* Trim acs, slo and issuer urls.
* Fix PHP 7 error (used continue outside a loop/switch).
* Fix bug on organization element of the SP metadata builder.
* Fix typos in documentation. Fix ALOWED misspelling.
* Be able to extract RequestID. Add RequestID validation on demo1.
* Add $stay parameter to login, logout and processSLO method.

v.2.6.1
-------
* Fix bug on cacheDuration of the Metadata XML generated.
* Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
* Allow the authn comparison attribute to be set via config.
* Retrieve Session Timeout after processResponse with getSessionExpiration().
* Improve readme readability.
* Allow single log out to work for applications not leveraging php session_start. Added a callback parameter in order to close the session at processSLO.

v.2.6.0
-------
* Set NAMEID_UNSPECIFIED as default NameIDFormat to prevent conflicts with IdPs that don't support NAMEID_PERSISTENT.
* Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
* Change visibility of _decryptAssertion to protected.
* Update xmlseclibs library.
* Handle valid but uncommon dsig block with no URI in the reference.
* login, logout and processSLO now return ->redirectTo instead of just calling it.
* Split the setting check methods. Now there is one method for IdP settings and another for SP settings.
* Let the settings object skip the IdP settings check. Required if we want to publish SP SAML Metadata when the IdP data is still not provided.

v.2.5.0
-------
* Make the ID of the Logout Request object accessible (id attribute).
* Add note about the fact that PHP 5.3 is unsupported.
* Add fingerprint algorithm support.
* Add dependencies to composer.

v.2.4.0
-------
* Fix wrong element order in generated metadata.
* Added SLO with nameID and SessionIndex in demo1.
* Improve isHTTPS method in order to support HTTP_X_FORWARDED_PORT.
* Make XML validation optional (enable/disable it with the wantXMLValidation security setting).

v.2.3.0
-------
* Resolve namespace problem. Some IdPs use saml2p:Response and saml2:Assertion instead of samlp:Response and saml:Assertion.
* Improve test and documentation.
* Improve ADFS compatibility.
* Remove unnecessary XSD files.
* Make available the reason for the SAML message invalidation.
* Add ability to set the IdP cert once the Settings object is initialized.
* Fix status info issue.
* Reject SAML Response if not signed and strict = false.
* Support NameId and SessionIndex in LogoutRequest.
* Add ForceAuthn and IsPassive support.

v.2.2.0
-------
* Fix bug with Encrypted nameID on LogoutRequest.
* Fixed usability bug. SP will inform about AuthFail status after processing a Response.
* Added SessionIndex support on LogoutRequest, and now it is accessible from the Auth class.
* LogoutRequest and LogoutResponse classes now accept non-deflated XML.
* Improved the XML metadata / Decrypted Assertion output (prettyprint).
* Fix bug in formatPrivateKey method, the key might not be RSA.
* Explicit warning message for signed element problem.
* Decrypt method improved.
* Support more algorithms for the SigAlg in signed LogoutRequests and LogoutResponses
* AuthNRequest now stores ID (it can be retrieved later).
* Fixed a typo on the 'NameIdPolicy' attribute that appeared in the README and settings_example file.

v.2.1.0
-------

* The isValid method of the Logout Request is now non-static. (affects processSLO method of Auth.php).
* Logout Request constructor now accepts encoded logout requests.
* Now, after validating a message, if validation fails, the object's getError method returns the cause.
* Fix typos.
* Added extra parameters option to login and logout methods.
* Improve Test (new test, use the new getError method for testing).
* Bugfix namespace problem when getting Attributes.

v.2.0.0
-------

* New PHP SAML Toolkit (SLO, Sign, Encryption).

v.1.0.0
-------

* Old PHP SAML Toolkit.